package com.sinog.auth.config.xss;

import org.springframework.stereotype.Component;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * @desc 自定义cors过滤器
 * @author lzq
 * @date 2021-07-26 12:27
 */
@Component
public class SimpleCorsFilter implements Filter {

    /**
     * XSS过滤器
     * @param req req
     * @param res res
     * @param chain chain
     */
    @Override
    public void doFilter(ServletRequest req,ServletResponse res,FilterChain chain) throws IOException, ServletException {
        XssHttpServletRequestWrapper request = new XssHttpServletRequestWrapper((HttpServletRequest)req);
        HttpServletResponse response = (HttpServletResponse)res;
        response.setHeader("Access-Control-Allow-Origin","*");
        response.setHeader("Access-Control-Allow-Methods","POST, GET, PUT, OPTIONS, DELETE");
        response.setHeader("Access-Control-Max-Age","3600");
        response.setHeader("Access-Control-Allow-Headers","Origin, X-Requested-With, Content-Type, Accept, token");
        response.addHeader("X-Content-Type-Options","nosniff");
        response.setHeader("Strict-Transport-Security","max-age=31536000");
        response.addHeader("Referer-Policy","origin");
        response.addHeader("X-Permitted-Cross-Domain-Policies","master-only");
        response.addHeader("X-Download-Options","noopen");
        response.addHeader("X-Frame-Options","SAMEORIGIN");
        chain.doFilter(request,response);
    }

    @Override
    public void init(FilterConfig filterConfig) {
    }

    @Override
    public void destroy() {
    }
}